<%
'******************************************************************************************
'#          Openasp CMS software opensource                                               #
'******************************************************************************************
'#      Copyright (C) Luca Becchetti, Broken Ice Interactive                              #
'#                                                                                        #
'# Questo software è gratuito, è possibile ridistribuire e modificare il prodotto         #
'# rispettando i termini della GNU General Public License pubblicata dalla Free           #
'# Software Foundation, si fa riferimento alla versione attuale e a tutte le versioni.    #
'# future                                                                                 #
'#                                                                                        #
'# Il software viene distribuito con lo scopo di essere utile e di aiutare nella          #
'# realizzazione di un sito web, non ci assiumiamo nessuna responsabilità per             #
'# eventuali malfunzionamenti o problemi provenienti dal programma.                       #
'#                                                                                        #
'# E' assolutamente vietato eliminare ogni riferimento di copyright sia all'interno del   #
'# del codice sorgente sia quelli visivi nel progetto.                                    #
'#                                                                                        #
'# Una copia della licenza GNU GPL è rilasciata nel pacchetto di istallazione del         #
'# software.                                                                              #
'#                                                                                        #
'# Per supporto visita il nostro sito ufficiale                                           #
'# http://www.openasp.it                                                                  #
'#                                                                                        #
'#                                                                                        #
'******************************************************************************************
'
'--------------------------------------------------------------------------------------------

' Blog whose settings are loaded below; fixed to blog 1 in this file.
idblog = 1

' Load the configuration row for this blog.
' idblog is a literal assigned just above, so this concatenated query carries
' no request data; bind it as a parameter if it ever becomes request-driven.
' NOTE(review): the recordset is read without an EOF check, so a missing row
' for id_blog raises a runtime error on the first field access.
set dtRS = addConn.Execute("SELECT * FROM tb_blog_blogs WHERE id_blog = " & idblog)
' Upper bound on the comment word count used by the word-count check further down (applied only when > 0).
MOD_PAROLE = dtRS("modparole")
' A value of 1 switches on the link check further down.
MOD_LINK = dtRS("modlink")
set dtRS = Nothing

Function GetWordCount(strInput)
	' Counts the words in strInput. A word is a maximal run of characters
	' other than space, tab, carriage return and line feed, so leading,
	' trailing and repeated separators never produce empty words.
	' Returns 0 for an empty or separator-only string.
	Dim pos, ch, insideWord, total

	total = 0
	insideWord = False

	For pos = 1 To Len(strInput)
		ch = Mid(strInput, pos, 1)
		If ch = " " Or ch = vbTab Or ch = vbCr Or ch = vbLf Then
			' A separator closes the current word, if any.
			insideWord = False
		ElseIf Not insideWord Then
			' First character after a separator (or at the start) opens a new word.
			insideWord = True
			total = total + 1
		End If
	Next

	GetWordCount = total
End Function ' GetWordCount

Function IsValidEmail(strEmail)
	' Shape check for an e-mail address. Returns True only when strEmail
	'   - is at least 5 characters long,
	'   - contains no space,
	'   - has an "@" at position 2 or later, and
	'   - has its last "." at least two characters after that "@".
	' Nothing else is checked: quotes, tabs, line breaks and a second "@" all
	' pass, so a True result does not make the value safe to place in SQL,
	' HTML or a mail header.
	Dim atPos

	IsValidEmail = False

	If Len(strEmail) < 5 Then Exit Function
	If InStr(1, strEmail, " ") <> 0 Then Exit Function

	atPos = InStr(1, strEmail, "@", 1)
	If atPos < 2 Then Exit Function
	If InStrRev(strEmail, ".") < atPos + 2 Then Exit Function

	IsValidEmail = True
End Function


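' ---------------------------------------------------------------------------
' Comment submission handler.
'
' Reads the posted comment form, decides whether the comment is published
' straight away or held for moderation, stores it in tb_blog_commenti and, for
' held comments, prepares the notification e-mail sent by include/inc_email.asp.
'
' Every request-supplied value is treated as untrusted:
'   - postID is reduced to a positive integer before it reaches SQL, a
'     redirect URL or HTML output;
'   - the INSERT binds its values as parameters instead of concatenating them;
'   - the author name is HTML-encoded before it is placed in the e-mail body;
'   - the "registered user" path is taken only when the session holds a user id.
' ---------------------------------------------------------------------------

' Returns rawId as a positive Long, or 0 when it is not made of 1 to 9 decimal
' digits. The digit-only rule keeps CLng from overflowing and rejects signs,
' exponents, separators and multi-valued form fields.
Function BlogCmt_PostId(rawId)
	Dim text, pos
	BlogCmt_PostId = 0
	text = Trim("" & rawId)
	If Len(text) < 1 Or Len(text) > 9 Then Exit Function
	For pos = 1 To Len(text)
		' Binary comparison: only the ASCII digits are accepted.
		If InStr(1, "0123456789", Mid(text, pos, 1), 0) = 0 Then Exit Function
	Next
	BlogCmt_PostId = CLng(text)
End Function

' True when text contains "http://", "https://" or "www." in any letter case.
Function BlogCmt_HasLink(text)
	Dim body
	body = "" & text
	BlogCmt_HasLink = (InStr(1, body, "http://", 1) > 0) _
		Or (InStr(1, body, "https://", 1) > 0) _
		Or (InStr(1, body, "www.", 1) > 0)
End Function

' Appends one input text parameter to cmd. adoType is 202 (adVarWChar) or
' 203 (adLongVarWChar); 1 is adParamInput.
Sub BlogCmt_BindText(cmd, paramName, adoType, value)
	Dim text, size
	text = "" & value
	size = Len(text)
	If size = 0 Then size = 1 ' a variable-length parameter needs a non-zero size
	cmd.Parameters.Append cmd.CreateParameter(paramName, adoType, 1, size, text)
End Sub

' Inserts one comment row with every value bound as a parameter.
' All values are bound as text, matching the statement this replaces, which
' passed every value as a quoted literal. pubblico is set to '1' only when
' publishNow is True; otherwise the column is left to its default.
' NOTE(review): assumes conn is an open ADODB.Connection whose provider accepts
' "?" placeholders - confirm against the connection set up for addConn.
Sub BlogCmt_Insert(conn, testo, email, nome, postId, utenteId, dataStr, sitoweb, ip, publishNow)
	Dim cmd
	Set cmd = Server.CreateObject("ADODB.Command")
	Set cmd.ActiveConnection = conn
	cmd.CommandType = 1 ' adCmdText
	If publishNow Then
		cmd.CommandText = "INSERT INTO tb_blog_commenti(testo,email,nome,post,utente,data,sitoweb,ip,pubblico) VALUES(?,?,?,?,?,?,?,?,'1')"
	Else
		cmd.CommandText = "INSERT INTO tb_blog_commenti(testo,email,nome,post,utente,data,sitoweb,ip) VALUES(?,?,?,?,?,?,?,?)"
	End If
	BlogCmt_BindText cmd, "testo", 203, testo
	BlogCmt_BindText cmd, "email", 202, email
	BlogCmt_BindText cmd, "nome", 202, nome
	BlogCmt_BindText cmd, "post", 202, postId
	BlogCmt_BindText cmd, "utente", 202, utenteId
	BlogCmt_BindText cmd, "data", 202, dataStr
	BlogCmt_BindText cmd, "sitoweb", 202, sitoweb
	BlogCmt_BindText cmd, "ip", 202, ip
	cmd.Execute , , 128 ' adExecuteNoRecords
	Set cmd = Nothing
End Sub

' A request whose last URL segment is hello.asp is sent back to the referring page.
i = split(request.ServerVariables("HTTP_URL"), "/")
if strComp("hello.asp", i(Ubound(i)), 1) = 0 then
  response.redirect request.servervariables("HTTP_REFERER")
end if

' Id of the logged-in user taken from the session; 0 means guest.
if session("uID") <> 0 then
	utente = session("uID")
else
	utente = 0
end if

' Link check: au1 is True when the comment holds no link. The match is
' case-insensitive and includes https://, which the earlier case-sensitive
' test for "http://" / "www." let through to automatic publication.
if MOD_LINK = 1 then
	au1 = Not BlogCmt_HasLink(request.Form("comment"))
end if

' Word-count check: au is True when the comment has at most MOD_PAROLE words.
if MOD_PAROLE > 0 then
	au = (GetWordCount(request.Form("comment")) <= MOD_PAROLE)
end if

' Automatic publication needs both checks to be enabled and to pass; a check
' that is switched off leaves its flag unset, which sends the comment to moderation.
cmtAuto = (au = true AND au1 = true)

' postID as a validated integer; 0 marks an unusable value.
cmtPostId = BlogCmt_PostId(request.Form("postID"))

' The form field "reg" is client-controlled, so on its own it must not select
' the registered-user path (which skips the author/e-mail checks and publishes
' directly). It is honoured only when the session carries a user id.
cmtGuest = Not (request.Form("reg") = "true" And utente <> 0)

' Comment text as stored and as shown in the notification e-mail.
' NOTE(review): testSQLinj is kept so the stored text stays what it was; if it
' escapes quotes for SQL it is redundant now that the value is bound - confirm.
cmtTesto = replace(encodeHTML(testSQLinj(request.Form("comment"))), chr(10), "<br />")

if cmtGuest then
	cmtNome = "" & request.Form("author")
	cmtEmail = "" & request.Form("email")
	' NOTE(review): the website is stored as submitted; whatever renders it as a
	' link should restrict the URL scheme - verify in the display code.
	cmtSito = "" & request.Form("url")
	cmtOk = (request.Form("comment") <> "" and cmtNome <> "" and IsValidEmail(cmtEmail))
else
	cmtOk = (request.Form("comment") <> "")
	if cmtOk then
		cmtNome = username(session("uID"))
		cmtEmail = findUsEmail(session("uID"))
		cmtSito = findUsWebSite(session("uID"))
	end if
end if

' A comment without a usable post id is rejected like any other invalid form.
if cmtPostId = 0 then cmtOk = false

if cmtOk then
	' NOTE(review): as before, a registered user's comment is stored with
	' pubblico = '1' even on the moderation path - confirm this is intended.
	BlogCmt_Insert addConn, cmtTesto, cmtEmail, cmtNome, cmtPostId, utente, DateToSTR(STR_TIME), cmtSito, Request.ServerVariables("REMOTE_ADDR"), (cmtAuto Or Not cmtGuest)

	if cmtAuto then
		response.Redirect("default.asp?modulo=blog&pass=1&idpost=" & cmtPostId)
	else
		' Confirmation shown to the commenter.
		response.Write "<div style=""text-align:center"">" & traduci("ling_blog_26") & "<br />"
		response.Write "<a href=""default.asp?modulo=blog&amp;pass=1&amp;idpost=" & cmtPostId & """ class=""testo"">"&traduci("ling_blog_27")&"</a></div>"

		'------------ NOTIFICATION E-MAIL -----------
		' These script-level variables are set for include/inc_email.asp.
		strSender = system_mail_info ' sender
		strRecipients = system_mail_admin ' recipients: the admin plus the category moderators

		' cmtPostId is a validated Long, so it is safe in this numeric context.
		set rp = addConn.Execute("SELECT DISTINCT m.utente FROM tb_blog_posts p , tb_blog_moderazione m WHERE p.categoria = m.idcategoria AND p.id_post = " & cmtPostId)
		Do while not rp.eof
			strRecipients = strRecipients & "," & findUsEmail(rp("utente"))
			rp.MoveNext
		Loop
		set rp = Nothing

		strSubject = traduci("ling_blog_78") ' subject
		mailtype = "HTML"

		' The author name comes from the form and goes into HTML mail, so it is encoded.
		strMessage = "<div><font face='verdana' size='2' color='black'><b>"& traduci("ling_blog_79") & " " & Server.HTMLEncode("" & request.Form("author")) & ","

		set ps = addConn.Execute("SELECT titolo FROM tb_blog_posts WHERE id_post = " & cmtPostId)
		if not ps.eof then
			strMessage = strMessage & " " & traduci("ling_blog_80") & " " & ps("titolo") & vbNewLine & vbNewLine
		end if
		set ps = nothing

		strMessage = strMessage & "</b><hr>" & cmtTesto & "<br/><hr /><br />"& traduci("ling_blog_81")
		strMessage = strMessage & " <a style='font-weight:bold; color:blue; text-decoration:none' href='http://" & system_url & "/admin.asp?modulo=blog&amp;op=comment&amp;id=" & cmtPostId & "'>http://" & system_url & "/admin.asp?modulo=blog&amp;op=comment&amp;id=" & cmtPostId & "</a>" & "<br/>"
		strMessage = strMessage & "</font></div>"

		incFile "include/inc_email.asp"
	end if
else
	' Invalid form: back to the post with the error flag (idpost is 0 when postID was unusable).
	response.Redirect("default.asp?modulo=blog&pass=1&idpost=" & cmtPostId & "&errore=1")
end if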
%>